HJC Calls Bull on SSCI’s Conclusions

The Democrats on HJC have been doing their homework while the Republicans have been fear-mongering. They’ve read the documents related to the illegal wiretapping program, held secret hearings with the telecom companies, and called bull on several of the conclusions formed by SSCI. Not surprisingly, this letter justifies the FISA alternative which will come up for a vote later this afternoon.

The letter reveals the timing of the hearings with the telecom companies–but does not reveal whether the Republicans deigned to attend.

In recent weeks, Judiciary Committee members have received classified briefings from intelligence and Justice Department officials on the Administration’s warrantless surveillance program; we have been provided access to the same classified documents on the program that were provided months ago to the Senate Intelligence and Judiciary Committees (and, more recently, to the House Permanent Select Committee on Intelligence); and the Committee has conducted lengthy and extensive classified hearings on February 28 and March 5 to hear testimony from telecom and Administration officials. A key focus of that effort was the issue of retroactive immunity for phone companies that participated in the warrantless surveillance program. [my emphasis]

The hearings appear to have taken place during that period when the Republicans had taken their toys and gone home–so it’s likely, by refusing to let their staffers participate, the Republicans avoided learning the details that the Democrats learned [Update: I’ve been informed the Republicans attended the hearings]. And note–they still seem to be focused on phone companies, not the email carriers who are the center of the new programs.

The letter also confirms what we’ve already known–not all carriers acted the same in response to Administration requests.

Read more

Think Outside the Box

The ACLU says this about the House’s proposed compromise on FISA.

While we still have concerns about aspects of the new House FISA bill, the American Civil Liberties Union is encouraged by the new draft – particularly the language on state secrets, which would allow the cases to go forward while allowing the telecommunications companies to assert any defenses. We commend House leadership for keeping the courthouse door open.

I think this is what they’re referring to:

SEC. 802. PROCEDURES FOR COVERED CIVIL ACTIONS.
(a) INTERVENTION BY GOVERNMENT.— In any covered civil action, the court shall permit the Government to intervene. Whether or not the Government intervenes in the civil action, the Attorney General may submit any information in any form the Attorney General determines is appropriate and the court shall consider all such submissions.

(b) FACTUAL DETERMINATIONS.—In any covered civil action, the court shall review in accordance with the procedures set forth in section 106(f) any evidence or information with respect to which a privilege based on state secrets is asserted, whether that evidence or information is submitted by any party or the Government. The court may, on motion of the Attorney General, take any additional actions the court deems necessary to protect classified information. In order to ensure full argument of all legal issues, the court shall, to the extent practicable and consistent with national security, request that any party present briefs and arguments on any legal question the court determines is raised by such a submission even if that party does not have full access to such submission. The court shall consider whether the employment of a special master or an expert witness, or both, would facilitate proceedings under this section.

(c) LOCATION OF REVIEW.—The court may conduct the review in a location and facility specified by the Attorney General as necessary to ensure security.

(d) REMOVAL.—A covered civil action that is brought in a State court shall be deemed to arise under the Constitution and laws of the United States and shall be removable under section 1441 of title 28, United States Code.

Read more

“Or His Designee”

I noticed something really funny in the AT&T response to Dingell and friends that MadDog linked to. In a passage describing why the telecoms should be granted immunity for abetting the Administration in its illegal wiretap program, AT&T cites 18 USC 2411(2)(a)(ii) to argue that it is immune from prosecution.

The same principle–that a telecommunications carrier who cooperates in good faith with the authorized law enforcement or intelligence activities considered lawful by the executive–underlies numerous defenses and immunities reflected in existing statutory and case law. For example, 18 U.S.C. 2511(2)(a)(ii) provides that "notwithstanding any other law," carriers are authorized to provide "assistance" and "information" to the government whenever the communications service provider receives a "certification" from the Attorney General or his designee "that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required. When the Attorney General furnishes an appropriate certification, Congress has decreed that "no cause of action shall lie in any court." It does not matter whether the Attorney General’s judgment reflected in the certification is ultimately determined to have been right or wrong: as long as the carrier acted pursuant to such a certification, national policy forbids a lawsuit. [emphasis AT&T’s]

Now compare their citation of 18 U.S.C. 2511(2)(a)(ii) with the actual statute.

(ii) Notwithstanding any other law, providers of wire or electronic communication service, their officers, employees, and agents, landlords, custodians, or other persons, are authorized to provide information, facilities, or technical assistance to persons authorized by law to intercept wire, oral, or electronic communications or to conduct electronic surveillance, as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, if such provider, its officers, employees, or agents, landlord, custodian, or other specified person, has been provided with—

(A) a court order directing such assistance signed by the authorizing judge, or

(B) a certification in writing by a person specified in section 2518(7) of this title or the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required,

Do you see the difference? AT&T has unilaterally rewritten "a person specified in section 2518(7) of this title or the Attorney General" to say "Attorney General or his designee." (And if you’re wondering, 2518(7) doesn’t say anything about "designees" either. Update: yes it does–though it specifies that they have to be investigative officers.) Read more

“Dude, that’s what they want.”

Babak Pasdar’s affidavit on Verizon’s Quantico Circuit reveals something about the government’s back-door access to all of Verizon’s data, one which might be familiar to you from the missing White House emails saga.

When the Steven McDevitt tried to reconstruct all OVP the emails from the period when Scooter Libby and Dick Cheney were coordinating their cover story, he discovered no logs from the emails of that period existed; thus, there’s no way to be sure that the 250 pages of email turned over to Patrick Fitzgerald constitute all the missing emails.

Golly. What a surprise, then, that the government didn’t want any logs taken of its back-door access to (presumably) Verizon’s data.

Pasder notes that (presumably) Verizon’s log collection system was very primitive.

I specifically remembered being shocked at the primitiveness and inadequacy of their log collection system. After all, this was a major carrier. After a cursory overview I was able to point out to C1 and C2 that their log collection system might not have been collecting all logs. This surprised C1 and C2. A subsequent test showed that the client’s log collection system was missing as many as 75% of the logs being generated, essentially rendering the whole system useless.

Mind you, that covered the whole system, not just the Quantico Circuit the government was using to access the system. But when Pasdar describes learning about the Circuit itself, he explains that there was no logging system for the Circuit. None.

This is a little narrative he tells about learning of the Circuit when testing the firewalls of the new system he was putting in.

At one point I overheard C1 and C2 talking about skipping a location. Not wanting to do a shoddy job I stopped and said "we should migrate all sites."

C1 told me this site is different.

I asked, "Who is it? Carrier owned or affiliate?"

C1 said, "This is the ‘Quantico Circuit.’"

Pasdar goes on to learn that this is a 45 mega bit per second circuit that supports data and voice communication. The consultants he was working with made it clear they weren’t supposed to put any access controls on it.

C1 said that this circuit should not have any access control. He actually said it should not be firewallled.

I suggested to migrate it and implement an "Any-Any" rule. ("Any-Any" is a nickname for a completely open policy that does not enforce any restrictions.) That meant we could log any activity making a record of the source, destination and type of communication. It would have also allowed easy implementation of access controls at a future date. "Everything at least SHOULD be logged," I emphasized.

C1 said, "I don’t think that is what they want."

Read more

The Quantico Circuit

Yesterday, Wired’s Threat Level reported on the Quantico Circuit, what appears to be Verizon’s back door to give the government complete access to our telecommunications.

A U.S. government office in Quantico, Virginia, has direct, high-speed access to a major wireless carrier’s systems, exposing customers’ voice calls, data packets and physical movements to uncontrolled surveillance, according to a computer security consultant who says he worked for the carrier in late 2003.

"What I thought was alarming is how this carrier ended up essentially allowing a third party outside their organization to have unfettered access to their environment," Babak Pasdar, now CEO of New York-based Bat Blue told Threat Level. "I wanted to put some access controls around it; they vehemently denied it. And when I wanted to put some logging around it, they denied that."

Pasdar won’t name the wireless carrier in question, but his claims are nearly identical to unsourced allegations made in a federal lawsuit filed in 2006 against four phone companies and the U.S. government for alleged privacy violations. That suit names Verizon Wireless as the culprit. [my emphasis]

To which John Dingell and friends respond, this is another reason not to pass telecom immunity.

Because legislators should not vote before they have sufficient facts, we continue to insist that all House Members be given access to the necessary information, including the relevant documents underlying this matter, to make an informed decision on their vote. After reviewing the documentation and these latest allegations, Members should be given adequate time to properly evaluate the separate question of retroactive immunity.

Yeah, and while we’re at it, let’s figure out why the email providers are actually opposed to retroactive immunity. 

My Version of Pelosi’s Statement on Exclusivity

TPMM wrote up a summary of a response Speaker Pelosi gave to a question I asked at a blogger conference call today that has caused a stir. While I don’t disagree with McJoan’s take–if the Speaker had really said immunity was the issue, it would reflect a short-sighted view of FISA (though I’d say the same about other topics, such as segregation; after all, once the government can legally use information that has been improperly collected, that’s toothpaste out of a tube, too)–I’d like to give my version of the conversation, because I don’t think that’s what Pelosi said or meant.

The call was originally supposed to be focused on contempt. So after the Speaker finished telling about the Paul Wellstone Mental Health and Addiction Equity bill, someone (Mike Stark, I think) asked for reassurances that the Democrats would continue to pursue contempt after we win the White House and larger margins in both houses next year. Pelosi spoke at length about how important this contempt fight is because of the separation of powers issue–and stated that this is a better case than when GAO tried to get Cheney’s records on his Energy Task Force. Finally, in response to a follow-up, Pelosi stated that Democrats would continue to pursue the contempt issue after November.

Then, I piped in. I basically asked the idea laid out in this post.

Email providers argue that immunity will contribute to uncertainty. They speak of receiving "vague promises," they demand "clear rules" and "bright lines."

Given that complaints about uncertainty and unclear demands have led these email providers to strongly oppose retroactive immunity, it suggests the requests the email providers got were really murky–murky enough that the requests caused the email providers a good deal of trouble.

If the government was making such murky requests, don’t you think Congress ought to know what those requests were in more detail?

That is, since email providers just made a very strong statement against immunity, shouldn’t we be asking them why they’re opposed to it?

Pelosi, having just spoken at length about about separation of powers, then said that immunity wasn’t the only issue, exclusivity was important as well.

Note, I’m not sure I can dispute Paul Kiel’s description, though I don’t remember Pelosi emphasizing exclusivity in the way his post suggests at all. I certainly didn’t hear her say immunity is the issue, but then I was listening for my answer. Read more

The Government’s Unclear Demands for Emails

Ryan Singel and Mary have pointed to to Ken Wainstein’s confirmation of something we’ve been discussing for some time: the problem with FISA’s restrictions on foreign communication has to do with email.

But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA’s current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States. The real concern, he said, is primarily e-mail, because "essentially you don’t know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States. [my emphasis]

Now that the Administration is finally telling us some truths about their program, I think it worthwhile to repeat and expand on an observation I made here about CCIA’s letter opposing telecom immunity. CCIA, after all, represents three big email companies: Microsoft (Hotmail), Google (Gmail), and Yahoo. And in their letter, these email companies directly tie immunity with confusing requests from the government.

To the Members of the U.S. House of Representatives:

The Computer & Communications Industry Association (CCIA) strongly opposes S. 2248, the “FISA Amendments Act of 2007,” as passed by the Senate on February 12, 2008. CCIA believes that this bill should not provide retroactive immunity to corporations that may have participated in violations of federal law. CCIA represents an industry that is called upon for cooperation and assistance in law enforcement. To act with speed in times of crisis, our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact. !!

CCIA dismisses with contempt the manufactured hysteria that industry will not aid the United States Government when the law is clear. As a representative of industry, I find that suggestion insulting. To imply that our industry would refuse assistance under established law is an affront to the civic integrity of businesses that have consistently cooperated unquestioningly with legal requests for information. This also conflates the separate questions of blanket retroactive immunity for violations of law, and prospective immunity, the latter of which we strongly support.

Read more

Shorter Google:

"Don’t eliminate the competitive advantage I gained by trying to protect Americans’ privacy."

McJoan reports that the CCIA wrote a letter to Congress opposing retroactive immunity.

In strong rebuke of the Chamber’s knee jerk Republican pandering, the trade group that actually represents companies in the computer, Internet, information technology, and telecommunications industries, the Computer & Communications Industry Association (CCIA) is opposed to telco amnesty [pdf], and have weighed in with their own letter to Congress.

To the Members of the U.S. House of Representatives:

The Computer & Communications Industry Association (CCIA) strongly opposes S. 2248, the "FISA Amendments Act of 2007," as passed by the Senate on February 12, 2008. CCIA believes that this bill should not provide retroactive immunity to corporations that may have participated in violations of federal law. CCIA represents an industry that is called upon for cooperation and assistance in law enforcement. To act with speed in times of crisis, our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact.

CCIA dismisses with contempt the manufactured hysteria that industry will not aid the United States Government when the law is clear. As a representative of industry, I find that suggestion insulting. To imply that our industry would refuse assistance under established law is an affront to the civic integrity of businesses that have consistently cooperated unquestioningly with legal requests for information. This also conflates the separate questions of blanket retroactive immunity for violations of law, and prospective immunity, the latter of which we strongly support. [emphasis McJoan’s]

And if I’m not mistaken, Google and Yahoo are the two primary CCIA members who would be (as the letter states) "called upon for cooperation and assistance in law enforcement" [Update: as WO points out, Evil Bill Gates is as big a player in free email, and was also asked for search queries.] As you’ll recall, both Google and Yahoo were asked to turn over vast amounts of data that would have also revealed a good deal of proprietary information (Yahoo complied, Google fought the request).

The Justice Department has asked a federal judge to compel Google, the Internet search giant, to turn over records on millions of its users’ search queries as part of the government’s effort to uphold an online pornography law.

Google has been refusing the request since a subpoena was first issued last August, even as three of its competitors agreed to provide information, according to court documents made public this week. Google asserts that the Read more

Mixed Telecom Signals

As Ryan Singel points out, Silvestre Reyes went from writing a scathing editorial with Senators Leahy and Jello Jay and Congressman Conyers on Monday, denouncing Bush’s scare tactics, to announcing imminent agreement by the end of the week.

Regarding a compromise deal, Reyes said: "We think we’re very close, probably within the next week we’ll be able to hopefully bring it to a vote."

Seemingly a pretty big turn-around over the course of the week, no?

But there’s more that’s funky with Reyes’ timing. The AP reports his statement was taped Friday, not Sunday.

Rep. Silvestre Reyes, in a television interview broadcast Sunday, did not specifically say whether the House proposal would mirror the Senate’s version.

[snip]

Reyes, whose interview was taped Friday, appeared on CNN’s "Late Edition," as did Blunt.

Friday happens to be the same day that Harry Reid moved to pass a 30-day extension to the PAA.

As we move forward, there is no reason not to extend the Protect America Act to ensure that there are no gaps in our intelligence gathering capabilities. Even Admiral McConnell, the Director of national Intelligence, has testified that such an extension would be valuable. But the President threatens to veto an extension, and our Republican colleagues continue, inexplicably, to oppose it.

“I urge them to withdraw their opposition. I will now ask unanimous consent to take up and pass S. 2664, a bill to extend the Protect America Act for 30 days, and to make the extension effective as of February 15, to ensure that there are no adverse legal consequences from the President’s decision to let that law expire.”

Now I suppose the 30-day extension, made retroactive to February 15, would amount to just a 15 day extension. And I see the value of forcing Republicans to repeatedly refuse to ensure the wiretaps continue.

But which is it? Imminent deal, or two more weeks?

And while we’re talking about weird temporal anomalies, can someone help me with the timing of this passage?

Reyes, D-Texas, said he was open to that possibility after receiving documents from the Bush administration and speaking to the companies about the industry’s role in the government spy program.

"We are talking to the representatives from the communications companies because if we’re going to give them blanket immunity, we want to know and we want to understand what it is that we’re giving immunity for," he said. "I have an open mind about that."

Read more

It’s All About $$$

We know that the Administration only became intransigent about immunity for telecoms after a telecom lobbyist took over as Counselor to the President. And we know the telecoms cut off wiretaps–even a FISA one–when they didn’t get paid by the FBI. It’s pretty clear the fight over telecom immunity and FISA is about the money.

Which is probably why Republicans are now whining that telecoms are not paying them enough for their willingness to gut the Constitution. 

In a reflection of the sensitivity of the subject matter, and an apparent recognition that they would undermine their own messaging by appearing to be motivated by fundraising concerns, Republicans on and off Capitol Hill declined to comment on the record.

But several confirmed the griping in GOP leadership ranks over the phone companies’ shifting donations.

"When those numbers are made evident, it causes some angst," one Republican lobbyist said. "Leadership are told by staff, who look through this. There’s communication back and forth" between GOP leadership and downtown.

"There’s no question that from time to time staff, and maybe some Members, say to fellow travelers: ‘Are you giving us some air cover? Are you helping us help you?’"

Added another K Street Republican: "There’s a growing frustration that a lot of these guys getting screwed by Democratic leadership are continuing to load their coffers."

Republican leaders, this lobbyist said, "sit there and scratch their heads and say, ‘We’ve always been very supportive of free markets and our opponents haven’t, so why do they keep feeding the beast?’"

Shorter anonymous Republican aides: cough up for the immunity campaign. Now.

Can we start calling it a quid pro quo if this blatant demand to the telecoms works? And what’s the going rate for gutting the Constitution, anyway?

image_print